[lug] cisco678 - PPP - /29
techzone at greeleynet.com
Sun Nov 3 18:23:54 MST 2002
----- Original Message -----
From: "j davis" <davis_compz at hotmail.com>
To: <lug at lug.boulder.co.us>
Sent: Sunday, November 03, 2002 2:23 PM
Subject: Re: [lug] cisco678 - PPP - /29
> >Using eth0 and vip0, the only way I could finally get it to both NAT and
> >route was to add the following to configure the outside port for NAT. I
> >assume you want to keep NAT enabled. Qwest 2nd tier support and ISP were
> >not helpful and I had to dig this out of CISCO docs and even that wasn't
> >clear that it was the issue. (FWIW, Cisco 675s did this fine out of the
> >set int wan0-0 outside-ip 22.214.171.124 (in your case)
> >Also do
> >show int eth0
> >show int vip0
> >Your public subnet should be set to outside. Your rfc1918 subnets should
> >set to inside. I recently added a second rfc1918 subnet to vip1 and had
> >set int vip1 inside
> >to get NAT working on that subnet. It defaulted to outside for some
> >following any changes.
> >I assume you've added the route for your subnet then. If not, you'll
> >Frank Whiteley
> Hi Frank,
> I think i did all that you said. But my connection for the non nat-ed
> public ips on vip0 comes and goes.I did not add any routes though.
> Below are the outputs of sho run and sho route and sho int. Could
> you tell me if everything looks right....Also, when i ping
> out from a ip on the vip0 subnet (ie 126.96.36.199) I can see
> that the trafffic is making the internet...i think, i feel the problem
> is getting a route back in. I dont reall care to have nat working..
> just the only way i have gotten any connection at all.
> Thanks for your time,
> sho route....
> cbos#sho route
> [TARGET] [MASK] [GATEWAY] [M][P] [TYPE] [IF]
> 0.0.0.0 0.0.0.0 0.0.0.0 1 SA WAN0-0
> 188.8.131.52 255.255.255.248 0.0.0.0 1 LA VIP0
> 10.0.0.0 255.255.255.0 0.0.0.0 1 LA ETH0
> 184.108.40.206 255.255.255.0 0.0.0.0 1 A WAN0-0
> WAN Interfaces...
> 220.127.116.11 255.255.255.255 0.0.0.0 1 HA WAN0-0
This looks fine.
> sho run.....
> cbos#sho run
> Warning: traffic may pause while NVRAM is being accessed
> [[ CBOS = Section Start ]]
> NSOS MD5 Enable Password =
> NSOS Virtual IP Address = 00, 18.104.22.168
> NSOS Virtual Netmask = 00, 255.255.255.248
> NSOS MD5 Root Password =
> NSOS MD5 Commander Password =
> [[ PPP Device Driver = Section Start ]]
> PPP Port Option = 00, IPCP,IP Address,3,Auto,Negotiation Not
> PPP Port Option = 00, IPCP,Primary DNS Server,129,Auto,Negotiation Not
> PPP Port Option = 00, IPCP,Secondary DNS Server,131,Auto,Negotiation Not
> PPP Port User Name = 00, jdavis
> PPP Port User Password = 00, ****
> [[ ATM WAN Device Driver = Section Start ]]
> ATM WAN Virtual Connection Parms = 00, 0, 32, 0
> [[ IP Routing = Section Start ]]
> IP NAT = enabled
> IP NAT Outside IP = 22.214.171.124
I'll assume you've changed your passwords;^)
This looks okay, however, I'm using a different CBOS version and get
different info displayed. I was seeing something odd a few minutes ago
while running Matt's traceroute to your 210 and 212 public IPs, but I
suspect you were rebooting. I have seen odd routing when the ISP
inadvertently assigned the SAME subnet to two users. We could do some
things, but not all things. Your userID is crl? If not, there could be a
problem. CNSP seems large enough to have the inadvertant routing problem.
A quick ARIN check was inconclusive other than the assigned IPs were in a
range allocated to CNSP. This is just something to double check if other
ideas don't work out. It can absorb a lot of time.
> sho int...
> cbos#sho int
> IP Address Mask
> eth0 10.0.0.1 255.255.255.0
> vip0 126.96.36.199 255.255.255.248
> vip1 0.0.0.0 255.255.255.0
> vip2 0.0.0.0 255.255.255.0
> wan0 Physical Port: Trained
> Dest IP Address Mask
> wan0-0 188.8.131.52 255.255.255.255
What does show int vip0 return? Though I doubt it, is there any chance of
> sho nat....
> cbos#sho nat
> NAT is currently enabled
> Port Network Global
> eth0 Inside
> wan0-0 Outside 184.108.40.206
> vip0 Outside 220.127.116.11
> vip1 Outside
> vip2 Outside
> Local IP : Port Global IP : Port Timer Flags Proto
> 10.0.0.2:32808 18.104.22.168:10001 86400 0x00046 tcp eth0
> 10.0.0.2:32769 22.214.171.124:10001 90 0x00046 udp eth0
> 10.0.0.2:40744 126.96.36.199:40744 30 0x00046 icmp eth0
> 10.0.0.1:1329 188.8.131.52:1329 30 0x0004A icmp eth0
AHA! vip0 Global appears wrong. I have no value in mine and all of my
global IPs poinnt to my static IP You seem to have a mismatch on with the
global IP 184.108.40.206 assignment.
More information about the LUG